Update from 1.0.0-stable

[openssl.git] / ssl / d1_pkt.c

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index b53e07d23c2a4ce869e71ae54c160068c390d54a..a89edbc7a7179d6bda11ea284ce9938e581149d3 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -207,6 +207,10 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
        DTLS1_RECORD_DATA *rdata;
        pitem *item;
 
+       /* Limit the size of the queue to prevent DOS attacks */
+       if (pqueue_size(queue->q) >= 100)
+               return 0;
+               
        rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
        item = pitem_new(priority, rdata);
        if (rdata == NULL || item == NULL)